1. Field of the Invention
This invention relates in general to computer-implemented systems, and, in particular, to ensuring authorized access to dynamic Web pages stored in a system cache.
2. Description of Related Art
The Internet computer network is a collection of computer networks that exchange 15 information via the Transmission Control Protocol/Internet Protocol (xe2x80x9cTCP/IPxe2x80x9d) protocol suite. Currently, the use of the Internet computer network for commercial and non-commercial uses is exploding. Via its networks, the Internet computer network enables users in different locations to access information stored in data sources (e.g., databases) on servers distributed across these networks.
The World Wide Web (i.e., the xe2x80x9cWWWxe2x80x9d or the xe2x80x9cWebxe2x80x9d) is a hypertext information and communication system used on the Internet computer network with data communications operating according to a client/server model. Typically, a user of a Web browser at a Web client computer will request data stored in data sources from a Web server computer, at which Web server software resides. The Web server software interacts with other computer programs that use interfaces to connect to these data sources, for example, a database managed by a Database Management System (xe2x80x9cDBMSxe2x80x9d), or uses the interfaces directly to access these data sources. These computer programs residing at the Web server computer transmit the requested data to the client computer in worldwide web documents referred to as web pages. The data can be of many different types of information, including database data, images, video clips, or audio tracks.
Web pages can be static web pages (i.e. web pages with fixed content that are pre-generated long before the Web client request is issued) or dynamic web pages (i.e., web pages whose content is dynamically generated at the time the web client request is processed).
Dynamic web pages are typically expensive to generate because they contain data that must be obtained dynamically at web servers from either local or remote data sources. For this reason, web server caches are frequently used to store dynamic Web pages that are requested by multiple users.
Dynamic web pages often contain data from secured data stores. When a dynamic web page is created, the user identifier (userid) associated with the process or thread creating the web page must have the authority to access the data from the secured data stores that is to be incorporated into the web page. Several products that generate dynamic web pages also permit the selective caching of these dynamic web pages so that an individual dynamic web page need not be recreated when a subsequent request for the same page is processed. These products do not perform any authorization checks to determine whether the userid associated with the subsequent request has the authority to execute the application that generated the cached web page or to access any secured data or objects that may be contained within or referenced by that web page. Such an approach can easily make sensitive data contained within cached web pages available to users that lack the authorization to access and view it within the secured data stores from which it was originally extracted.
Thus, there is a need in the art for ensuring authorized access to the content of dynamic web pages stored in a system cache.
To overcome the limitations in the prior art described above, and to overcome other limitations that will become apparent upon reading and understanding the present specification, the present invention discloses a method, apparatus, and article of manufacture for processing a request that requires the dynamic generation of a web page.
In accordance with the present invention, a request to generate a dynamic web page is received. It is determined whether the request can be satisfied by using a cached web page and whether the userid associated with the request is authorized to access the cached web page. When it is determined that the request can be satisfied and that the userid has the proper authorization, the cached web page is used to satisfy the request.